
sigsci_site_templated_rule (Resource)

Example Usage

resource "sigsci_site_templated_rule" "test_template_rule" {
  site_short_name = sigsci_site.my-site.short_name
  name            = "LOGINATTEMPT"
  detections {
    enabled = true
    fields {
      name  = "path"
      value = "/#/*"
    }
  }

  alerts {
    long_name              = "alert 1"
    interval               = 60
    threshold              = 10
    skip_notifications     = true
    enabled                = true
    action                 = "info"
    block_duration_seconds = sigsci_site.my-site.block_duration_seconds
  }

  alerts {
    long_name              = "alert 2"
    interval               = 60
    threshold              = 1
    skip_notifications     = false
    enabled                = false
    action                 = "info"
    block_duration_seconds = 64000
  }
}
Warning: You must run terraform apply with the option -parallelism=1 when using this resource, or you risk data inconsistencies! See the FAQ.

Schema

Required

  • detections (Block Set, Min: 1) description (see below for nested schema)
  • name (String) Name of templated rule. This must match an existing templated rule e.g., LOGINATTEMPT, CMDEXE, XSS...
  • site_short_name (String) Site short name

Optional

Read-Only

  • id (String) The ID of this resource.

Nested Schema for detections

Required:

  • enabled (Boolean)

Optional:

Read-Only:

  • id (String) The ID of this resource.
  • name (String)

Nested Schema for detections.fields

Required:

  • name (String)
  • value (String)

Nested Schema for alerts

Required:

  • action (String) To block requests immediately, use (blockImmediate). For threshold-level blocking: use (info) for logging, use (template) for blocking.
  • block_duration_seconds (Number)
  • enabled (Boolean)
  • long_name (String)
  • skip_notifications (Boolean)

Optional:

  • interval (Number)
  • threshold (Number)

Read-Only:

  • id (String) The ID of this resource.

Available Templates

//These are the valid values for the 'name' field.
signals = ["AWS-SSRF", "CVE-2017-5638", "CVE-2017-7269", "CVE-2017-9805", "CVE-2018-9206", "CVE-2018-11776",
  "CVE-2019-0192", "CVE-2019-0193", "CVE-2019-0232", "CVE-2019-2725", "CVE-2019-3396", "CVE-2019-5418", "CVE-2019-6340",
  "CVE-2019-14234", "CVE-2019-16759", "CVE-2021-26855", "LOGINATTEMPT", "LOGINFAILURE", "LOGINSUCCESS", "REGATTEMPT",
  "REGFAILURE", "REGSUCCESS"]

If you do not see the signal you want in this list, check the Rules page for additional templates.
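
The following added example (not part of the provider documentation) guards the name and action arguments with variable validation, so a typo in a template name or action fails at plan time instead of reaching the API. The variable names, the resource label, the "/login" path and the 3600-second duration are assumptions made for illustration.

```hcl
# Added example: names, path and duration below are illustrative assumptions.
variable "site_short_name" { type = string }

variable "template_name" {
  type    = string
  default = "LOGINATTEMPT"
  validation {
    # Values copied from the "Available Templates" list on this page.
    condition = contains(["AWS-SSRF", "CVE-2017-5638", "CVE-2017-7269",
      "CVE-2017-9805", "CVE-2018-9206", "CVE-2018-11776", "CVE-2019-0192",
      "CVE-2019-0193", "CVE-2019-0232", "CVE-2019-2725", "CVE-2019-3396",
      "CVE-2019-5418", "CVE-2019-6340", "CVE-2019-14234", "CVE-2019-16759",
      "CVE-2021-26855", "LOGINATTEMPT", "LOGINFAILURE", "LOGINSUCCESS",
      "REGATTEMPT", "REGFAILURE", "REGSUCCESS"], var.template_name)
    error_message = "The template_name value must be one of the templates listed under Available Templates."
  }
}

variable "alert_action" {
  type    = string
  default = "info" # log only; set to "template" to block at the threshold
  validation {
    # Only the two threshold-level actions are accepted for this alert.
    condition     = contains(["info", "template"], var.alert_action)
    error_message = "The alert_action value must be info or template."
  }
}

resource "sigsci_site_templated_rule" "login_attempts" {
  site_short_name = var.site_short_name
  name            = var.template_name
  detections {
    enabled = true
    fields {
      name  = "path"   # field used by the page's LOGINATTEMPT example
      value = "/login" # constructed sample path
    }
  }

  alerts {
    long_name              = "login attempts over threshold"
    interval               = 60
    threshold              = 10
    skip_notifications     = false
    enabled                = true
    action                 = var.alert_action
    block_duration_seconds = 3600 # constructed sample duration
  }
}
```

Starting with the default info action lets you review alert volume before switching alert_action to template to enforce blocking. The detection fields shown match the LOGINATTEMPT example on this page; other templates may expect different fields.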

Import

Import is supported using the following syntax:

terraform import sigsci_site_templated_rule.test site_short_name:id